Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pmw-4.30/src/debug.c
Examining data/pmw-4.30/src/read6.c
Examining data/pmw-4.30/src/read5.c
Examining data/pmw-4.30/src/main.c
Examining data/pmw-4.30/src/setnbar.c
Examining data/pmw-4.30/src/globals.c
Examining data/pmw-4.30/src/print.c
Examining data/pmw-4.30/src/setslur.c
Examining data/pmw-4.30/src/possubs.c
Examining data/pmw-4.30/src/ps.c
Examining data/pmw-4.30/src/init.c
Examining data/pmw-4.30/src/outhdr.h
Examining data/pmw-4.30/src/read3.c
Examining data/pmw-4.30/src/preprocess.c
Examining data/pmw-4.30/src/midi.c
Examining data/pmw-4.30/src/pmwhdr.h
Examining data/pmw-4.30/src/sethairpin.c
Examining data/pmw-4.30/src/read1.c
Examining data/pmw-4.30/src/setbeam.c
Examining data/pmw-4.30/src/pagehdr.h
Examining data/pmw-4.30/src/paginate.c
Examining data/pmw-4.30/src/store.c
Examining data/pmw-4.30/src/transpose.c
Examining data/pmw-4.30/src/read2.c
Examining data/pmw-4.30/src/font.c
Examining data/pmw-4.30/src/poshdr.h
Examining data/pmw-4.30/src/shownote.c
Examining data/pmw-4.30/src/pagesubs.c
Examining data/pmw-4.30/src/setdraw.c
Examining data/pmw-4.30/src/setother.c
Examining data/pmw-4.30/src/rdargs.h
Examining data/pmw-4.30/src/read4.c
Examining data/pmw-4.30/src/out2.c
Examining data/pmw-4.30/src/settie.c
Examining data/pmw-4.30/src/out1.c
Examining data/pmw-4.30/src/setbar.c
Examining data/pmw-4.30/src/misc.c
Examining data/pmw-4.30/src/error.c
Examining data/pmw-4.30/src/settext.c
Examining data/pmw-4.30/src/readhdr.h
Examining data/pmw-4.30/src/setwarn.c
Examining data/pmw-4.30/src/format.c
Examining data/pmw-4.30/src/rdargs.c
Examining data/pmw-4.30/src/version.c
Examining data/pmw-4.30/src/setnote.c
Examining data/pmw-4.30/src/string.c
Examining data/pmw-4.30/src/postable.c
Examining data/pmw-4.30/src/barhdr.h
Examining data/pmw-4.30/src/tables.c
Examining data/pmw-4.30/src/tree.c

FINAL RESULTS:

data/pmw-4.30/src/error.c:245:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(CS buff, "PMW version %s\n", version_string);
data/pmw-4.30/src/error.c:318:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(CS buff, "** File \"%s\" (included), near line %d", name, 
data/pmw-4.30/src/error.c:321:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(CS buff, "** File \"%s\", near line %d", name, 
data/pmw-4.30/src/font.c:520:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(CS filename, "%s/%s.afm", font_metrics_extra, fs->psname);
data/pmw-4.30/src/font.c:528:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(CS filename, "%s/%s.afm", font_metrics_default, fs->psname);
data/pmw-4.30/src/format.c:78:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  count = sprintf(CS buff, "%d %s%s", number, name, (number==1)?"":"s");
data/pmw-4.30/src/format.c:100:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  count += sprintf(CS buff+count, "%d/%d %s", length, d, name);
data/pmw-4.30/src/format.c:152:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  count += sprintf(CS tbuff + count, "%s%d", z, r);
data/pmw-4.30/src/format.c:189:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
return sprintf(CS buff, "%c%s%s%s", "ABCDEFG"[key], a, m, c);
data/pmw-4.30/src/format.c:244:37:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  if (p->first == p->last) count += sprintf(CS buff+count, "%s%d", c, p->first);
data/pmw-4.30/src/format.c:245:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    else count += sprintf(CS buff+count, "%s%d-%d", c, p->first, p->last);
data/pmw-4.30/src/format.c:346:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  c = sprintf(CS buff, "%s%s", letters[note], octavestring[octave]);
data/pmw-4.30/src/format.c:395:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      p += sprintf(CS p, "%s", va_arg(ap, int)? "true" : "false");
data/pmw-4.30/src/format.c:403:12:  [4] (format) sprintf:
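  Potential format string problem (CWE-134). Make format string constant.
  Triage note: both arms of the conditional are string literals, so the
  format is not externally controlled at this call. The same holds for the
  other (format) hits in this report: format.c:412, 449 and 453, and
  shownote.c:331, 391 and 560. What remains to check is the destination
  bound, because sprintf places no limit on what is written at p and, in
  the format.c calls, the field width is a run-time argument.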
      p += sprintf(CS p, lz? "%0*d":"%*d", width, va_arg(ap, int));
data/pmw-4.30/src/format.c:412:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      p += sprintf(CS p, lz? "%0*g":"%*g", width, va_arg(ap, double));
data/pmw-4.30/src/format.c:441:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      p += sprintf(CS p, "%s", va_arg(ap, uschar *));
data/pmw-4.30/src/format.c:449:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      p += sprintf(CS p, lz? "%0*x":"%*x", width, va_arg(ap, int));
data/pmw-4.30/src/format.c:453:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      p += sprintf(CS p, lz? "%0*X":"%*X", width, va_arg(ap, int));
data/pmw-4.30/src/pmwhdr.h:95:28:  [4] (buffer) strcat:
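  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  Triage note: this hit is on the macro definition, not on a call. Flawfinder
  matches function names lexically and does not expand macros, so calls made
  through Ustrcat() are not listed individually. The same applies to the
  other wrappers reported from pmwhdr.h (Ustrcpy, Ustrncat, Ustrncpy,
  Ustrlen, Uatoi, Ufopen). Search the tree for each wrapper name and review
  every call site; the hit counts below understate their use.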
#define Ustrcat(s,t)       strcat(CS(s),CS(t))
data/pmw-4.30/src/pmwhdr.h:98:28:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define Ustrcpy(s,t)       strcpy(CS(s),CS(t))
data/pmw-4.30/src/ps.c:1566:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(CS buff, "%s/%s", ps_fontdir_extra, name);
data/pmw-4.30/src/ps.c:1574:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(CS buff, "%s/%s", ps_fontdir_default, name);
data/pmw-4.30/src/setnbar.c:128:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      p += sprintf(CS p, "%s%d", comma, b->n);
data/pmw-4.30/src/setnbar.c:130:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      p += sprintf(CS p, "%s%s", comma, b->s);
data/pmw-4.30/src/shownote.c:331:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      p += sprintf(CS p, n_upflag? "}" : "yy{");
data/pmw-4.30/src/shownote.c:391:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      p += sprintf(CS p, n_upflag? "}" : "yy{");
data/pmw-4.30/src/shownote.c:446:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  p += sprintf(CS p, "%s", tailstrings[n_notetype + n_upflag*8]);
data/pmw-4.30/src/shownote.c:560:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      p += sprintf(CS p, n_upflag? "{{{" : "zzzz");
data/pmw-4.30/src/shownote.c:1273:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      p += sprintf(CS p, "%s", ornament_strings[ornament]);
data/pmw-4.30/src/debug.c:1028:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (moff == 0) sprintf(s, "   "); else
data/pmw-4.30/src/debug.c:1029:31:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (moff % len_minim == 0)    sprintf(s, "%2dm", moff/len_minim); else
data/pmw-4.30/src/debug.c:1030:31:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (moff % len_crotchet == 0) sprintf(s, "%2dc", moff/len_crotchet); else
data/pmw-4.30/src/debug.c:1031:31:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (moff % len_quaver == 0)   sprintf(s, "%2dq", moff/len_quaver); else
data/pmw-4.30/src/debug.c:1032:31:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (moff % len_squaver == 0)  sprintf(s, "%2ds", moff/len_squaver); else
data/pmw-4.30/src/debug.c:1033:31:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (moff % len_dsquaver == 0) sprintf(s, "%2dd", moff/len_dsquaver); else
data/pmw-4.30/src/debug.c:1034:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "   ");
data/pmw-4.30/src/error.c:254:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(CS buff, "** Unknown error number %d\n", n);
data/pmw-4.30/src/font.c:1057:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(font_transform, newmatrix, 4*sizeof(int));
data/pmw-4.30/src/format.c:89:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    count += sprintf(CS buff, "%d ", length/len_crotchet);
data/pmw-4.30/src/format.c:140:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
count += sprintf(CS tbuff + count, "%d", qr.quot);
data/pmw-4.30/src/format.c:215:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (m != 1) count += sprintf(CS buff, "%d*", m);
data/pmw-4.30/src/format.c:218:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
return count + sprintf(CS buff+count, "%d/%d", n, d);
data/pmw-4.30/src/format.c:277:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  return sprintf(CS buff, "%d",
data/pmw-4.30/src/format.c:288:20:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
if (b == 0) return sprintf(CS buff, "%d", a);
data/pmw-4.30/src/format.c:289:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  else return sprintf(CS buff, "%d.%d", a, b);
data/pmw-4.30/src/format.c:314:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(CS buff, " in movement %d", movtnumber);
data/pmw-4.30/src/format.c:349:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
else c = sprintf(CS buff, "unset");
data/pmw-4.30/src/format.c:399:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      p += sprintf(CS p, "%c", va_arg(ap, int));
data/pmw-4.30/src/format.c:437:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      p += sprintf(CS p, "%p", (void *)va_arg(ap, uschar *));
data/pmw-4.30/src/midi.c:60:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static signed char midi_transpose[MAX_STAVE+1];
data/pmw-4.30/src/misc.c:177:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(CS vn, "%d", ts >> 8);
data/pmw-4.30/src/misc.c:178:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(CS vd, "%d", ts & 255);
data/pmw-4.30/src/misc.c:278:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(q, p, len);
data/pmw-4.30/src/out1.c:294:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/out1.c:468:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/out1.c:760:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(font_transform, this->d.t.matrix, 4*sizeof(int));
data/pmw-4.30/src/out2.c:370:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(CS vn, "%d", ts >> 8);
data/pmw-4.30/src/out2.c:371:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(CS vd, "%d", ts & 255);
data/pmw-4.30/src/pagesubs.c:184:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/pagesubs.c:280:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (h->matrix != NULL) memcpy(font_transform, h->matrix, 4*sizeof(int));
data/pmw-4.30/src/pagesubs.c:302:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(new, h, sizeof(headstr));
data/pmw-4.30/src/paginate.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(page_stavemap, curmovt->staves, STAVE_BITVEC_SIZE*sizeof(int));
data/pmw-4.30/src/paginate.c:196:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(page_accepteddata->notespacing, curmovt->notespacing, 8*sizeof(int));
data/pmw-4.30/src/paginate.c:318:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(page_ssehere, page_ssenext, (page_lastwanted+1)*sizeof(int));
data/pmw-4.30/src/paginate.c:327:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(page_sysblock->notsuspend, page_accepteddata->notsuspend,
data/pmw-4.30/src/paginate.c:378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(save_notespacing, page_accepteddata->notespacing, 8*sizeof(int));
data/pmw-4.30/src/paginate.c:477:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(page_sysblock->showtimes, page_showtimes, STAVE_BITVEC_SIZE * sizeof(int));
data/pmw-4.30/src/paginate.c:864:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(page_nextdata->notespacing, save_notespacing, 8*sizeof(int));
data/pmw-4.30/src/pmwhdr.h:91:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
#define Uatoi(s)           atoi(CS(s))
data/pmw-4.30/src/pmwhdr.h:93:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define Ufopen(s,t)        fopen(CS(s),CS(t))
data/pmw-4.30/src/pmwhdr.h:884:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char playtranspose[MAX_STAVE+1];
data/pmw-4.30/src/possubs.c:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(t+1, t, sizeof(workposstr));
data/pmw-4.30/src/possubs.c:166:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(t+1, t, sizeof(workposstr));
data/pmw-4.30/src/postable.c:412:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(page_nextdata->notespacing, curmovt->notespacing,
data/pmw-4.30/src/postable.c:1310:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/ps.c:140:1:  [2] (buffer) memcpy:
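  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: this call copies 6 ints out of font_transform, whereas every
  other memcpy involving font_transform in this report uses 4*sizeof(int).
  Confirm from the declarations that font_transform and ps_curfonttransform
  each hold at least 6 ints; otherwise this is an over-read or overflow.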
memcpy(ps_curfonttransform, font_transform, 6*sizeof(int));
data/pmw-4.30/src/ps.c:845:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    else sprintf(CS sbuff, "\\%03o", ch);
data/pmw-4.30/src/read1.c:765:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(curmovt->notespacing, main_notespacing, 8*sizeof(int));
data/pmw-4.30/src/read1.c:774:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(curmovt->staves, main_staves, STAVE_BITVEC_SIZE*sizeof(int));
data/pmw-4.30/src/read1.c:1200:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(main_notespacing, init_notespacing, 8*sizeof(int));
data/pmw-4.30/src/read2.c:358:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(((uschar *)curmovt) + read_dir->arg1, read_map,
data/pmw-4.30/src/read2.c:985:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(curmovt->layout, temp, ptr * sizeof(int));
data/pmw-4.30/src/read2.c:1094:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new, *anchor, size);
data/pmw-4.30/src/read2.c:1225:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(new, temp, (max+1) * sizeof(int));
data/pmw-4.30/src/read2.c:1691:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(stavesizes, curmovt->stavesizes, (MAX_STAVE+1)*sizeof(int));
data/pmw-4.30/src/read4.c:820:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/setbar.c:844:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(CS s, "%d", numberwanted);
data/pmw-4.30/src/setbar.c:845:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/setdraw.c:728:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(pp, x, cp*sizeof(int));
data/pmw-4.30/src/setdraw.c:729:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(pp+cp, y, cp*sizeof(int));
data/pmw-4.30/src/setdraw.c:730:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(pp+cp+cp, c, cp*sizeof(int));
data/pmw-4.30/src/setdraw.c:850:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buff[20];
data/pmw-4.30/src/setdraw.c:851:7:  [2] (buffer) sprintf:
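  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: the level-2 rating does not take the destination size into
  account. The literal text of this format is 14 characters and %d of a
  32-bit int can add up to 11, so the output can need 26 bytes including the
  terminator, while the buff declared at setdraw.c:850 (presumably the same
  array) is 20 bytes. A value that prints as more than five characters
  overruns it unless pp[-1].d.val is range-limited elsewhere; using
  snprintf(buff, sizeof buff, ...) removes that dependency.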
      sprintf(buff, " (bad value %d) ", pp[-1].d.val);   
data/pmw-4.30/src/setdraw.c:1031:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(draw_stack + out_drawstackptr,
data/pmw-4.30/src/setdraw.c:1442:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/setdraw.c:1501:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(new->d.t.matrix, font_transform, 4*sizeof(int));
data/pmw-4.30/src/setnote.c:354:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/setnote.c:360:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(CS s, "%d", out_manyrest);
data/pmw-4.30/src/setother.c:227:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/setother.c:261:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(CS s, "%d", out_plet->pletlen);
data/pmw-4.30/src/setslur.c:319:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/settext.c:314:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/shownote.c:458:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        p += sprintf(CS p, "%cww|", stemch);
data/pmw-4.30/src/shownote.c:472:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      p += sprintf(CS p, "xxx");
data/pmw-4.30/src/shownote.c:475:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        p += sprintf(CS p, "q|");
data/pmw-4.30/src/shownote.c:495:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        p += sprintf(CS p, "%cxx~", stemch);
data/pmw-4.30/src/shownote.c:509:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      p += sprintf(CS p, "www");
data/pmw-4.30/src/shownote.c:512:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        p += sprintf(CS p, "r~v");
data/pmw-4.30/src/shownote.c:532:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        p += sprintf(CS p, "}}}}{{{{z");
data/pmw-4.30/src/shownote.c:538:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        p += sprintf(CS p, "{yyyyyyyyyyyy}");
data/pmw-4.30/src/shownote.c:1145:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if (matrix != NULL) memcpy(font_transform, matrix, 4*sizeof(int));
data/pmw-4.30/src/store.c:88:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
if (tracefile == NULL) tracefile = fopen("storetrace", "w");
data/pmw-4.30/src/store.c:239:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(yield, p, length);
data/pmw-4.30/src/string.c:347:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s+p, pp, n);
data/pmw-4.30/src/string.c:361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ss, s, size);
data/pmw-4.30/src/string.c:410:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ss, s, p);
data/pmw-4.30/src/string.c:421:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(sss, ss, size);
data/pmw-4.30/src/string.c:731:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ss += sprintf(CS ss, "%d", curpage->number);
data/pmw-4.30/src/string.c:736:43:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    if ((curpage->number & 1) != 0) ss += sprintf(CS ss, "%d", curpage->number);
data/pmw-4.30/src/string.c:741:43:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    if ((curpage->number & 1) == 0) ss += sprintf(CS ss, "%d", curpage->number);
data/pmw-4.30/src/error.c:351:7:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
      sprintf(CS buff+i, "<");
data/pmw-4.30/src/format.c:216:38:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
if (d == time_common) return count + sprintf(CS buff+count, "C");
data/pmw-4.30/src/format.c:217:35:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
if (d == time_cut) return count + sprintf(CS buff+count, "A");
data/pmw-4.30/src/format.c:347:17:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
  while (c < 5) sprintf(CS buff+c++, " ");
data/pmw-4.30/src/main.c:471:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(results[arg_dsb].text)) error_moan(77);   /* Hard */ 
data/pmw-4.30/src/pmwhdr.h:99:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define Ustrlen(s)         (int)strlen(CS(s))
data/pmw-4.30/src/pmwhdr.h:100:28:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
#define Ustrncat(s,t,n)    strncat(CS(s),CS(t),n)
data/pmw-4.30/src/pmwhdr.h:102:28:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
#define Ustrncpy(s,t,n)    strncpy(CS(s),CS(t),n)

ANALYSIS SUMMARY:

Hits = 128
Lines analyzed = 41404 in approximately 1.03 seconds (40389 lines/second)
Physical Source Lines of Code (SLOC) = 26371
Hits@level = [0] 126 [1]   8 [2]  91 [3]   0 [4]  29 [5]   0
Hits@level+ = [0+] 254 [1+] 128 [2+] 120 [3+]  29 [4+]  29 [5+]   0
Hits/KSLOC@level+ = [0+] 9.63179 [1+] 4.85382 [2+] 4.55045 [3+] 1.09969 [4+] 1.09969 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.